gnu: glibc/linux: Add patches for CVE-2017-1000366.

* gnu/packages/patches/glibc-CVE-2017-1000366-pt1.patch,
gnu/packages/patches/glibc-CVE-2017-1000366-pt2.patch,
gnu/packages/patches/glibc-CVE-2017-1000366-pt3.patch: New files.
* gnu/local.mk (dist_patch_DATA): Add them.
* gnu/packages/base.scm (glibc/linux)[source](patches): Add them.
[replacement]: Remove.
(glibc-2.25-patched): Remove.
(glibc-2.24, glibc-2.23, glibc-2.22, glibc-2.21)
(glibc-locales): Remove 'replacement' field.
This commit is contained in:
Ludovic Courtès 2017-06-29 12:53:14 +02:00
parent 60724d6975
commit 503a4df904
No known key found for this signature in database
GPG key ID: 090B11993D9AEBB5

View file

@ -514,7 +514,6 @@ (define-public glibc/linux
(package
(name "glibc")
(version "2.25")
(replacement glibc-2.25-patched)
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnu/glibc/glibc-"
@ -533,7 +532,10 @@ (define-public glibc/linux
(patches (search-patches "glibc-ldd-x86_64.patch"
"glibc-versioned-locpath.patch"
"glibc-o-largefile.patch"
"glibc-memchr-overflow-i686.patch"))))
"glibc-memchr-overflow-i686.patch"
"glibc-CVE-2017-1000366-pt1.patch"
"glibc-CVE-2017-1000366-pt2.patch"
"glibc-CVE-2017-1000366-pt3.patch"))))
(build-system gnu-build-system)
;; Glibc's <limits.h> refers to <linux/limit.h>, for instance, so glibc
@ -769,20 +771,6 @@ (define* (glibc-for-target #:optional
(define-syntax glibc
(identifier-syntax (glibc-for-target)))
(define glibc-2.25-patched
(package
(inherit glibc)
(replacement #f)
(source (origin
(inherit (package-source glibc))
(patches (search-patches "glibc-ldd-x86_64.patch"
"glibc-versioned-locpath.patch"
"glibc-o-largefile.patch"
"glibc-vectorized-strcspn-guards.patch"
"glibc-CVE-2017-1000366-pt1.patch"
"glibc-CVE-2017-1000366-pt2.patch"
"glibc-CVE-2017-1000366-pt3.patch"))))))
;; Below are old libc versions, which we use mostly to build locale data in
;; the old format (which the new libc cannot cope with.)
@ -790,7 +778,6 @@ (define-public glibc-2.24
(package
(inherit glibc)
(version "2.24")
(replacement #f)
(source (origin
(inherit (package-source glibc))
(uri (string-append "mirror://gnu/glibc/glibc-"
@ -810,7 +797,6 @@ (define-public glibc-2.23
(package
(inherit glibc)
(version "2.23")
(replacement #f)
(source (origin
(inherit (package-source glibc))
(uri (string-append "mirror://gnu/glibc/glibc-"
@ -830,7 +816,6 @@ (define-public glibc-2.22
(package
(inherit glibc)
(version "2.22")
(replacement #f)
(source (origin
(inherit (package-source glibc))
(uri (string-append "mirror://gnu/glibc/glibc-"
@ -858,7 +843,6 @@ (define-public glibc-2.21
(package
(inherit glibc-2.22)
(version "2.21")
(replacement #f)
(source (origin
(inherit (package-source glibc-2.22))
(uri (string-append "mirror://gnu/glibc/glibc-"
@ -871,7 +855,6 @@ (define-public glibc-locales
(package
(inherit glibc)
(name "glibc-locales")
(replacement #f)
(source (origin (inherit (package-source glibc))
(patches (cons (search-patch "glibc-locales.patch")
(origin-patches (package-source glibc))))))